Skip to content
CVSS 7.3 · HIGH

CVE-2026-7550

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=save_customer. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

View on NVD

Analysis

This SQL injection affects a Pharmacy Sales and Inventory System script from SourceCodester, which is typically used for educational or hobbyist purposes. Because this is not a widely deployed or professional-grade application, it does not warrant the attention of the MexicoDev community admins.

Severity

Score: 7.3(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: LOW
I: LOW
A: LOW
Weakness (CWE): CWE-74CWE-89

EPSS

Probability of exploitation (next 30 days): 0.0003 (0.0%)
Percentile: 8.5%
EPSS: 2026-05-06

Technical description

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=save_customer. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Published: 5/1/2026, 5:16:03 AM
Last modified: 5/1/2026, 3:26:24 PM

References

HomeEventsBlogResourcesTeam